rcp

Synopsis

Description

The rcp command copies files between machines. Each filename or directory argument
is either a remote file name of the form:

hostname:path

or a local file name (containing no : (colon) characters, or /
(backslash) before any : (colon) characters).

The hostname can be an IPv4 or IPv6 address string. See inet(7P)
and inet6(7P). Since IPv6 addresses already contain colons, the hostname should be
enclosed in a pair of square brackets when an IPv6 address is
used. Otherwise, the first occurrence of a colon can be interpreted as the
separator between hostname and path. For example,

[1080::8:800:200C:417A]:tmp/file

If a filename is not a full path name, it is interpreted
relative to your home directory on hostname. A path on a remote
host can be quoted using \ , " , or ' , so that the metacharacters
are interpreted remotely. Please notice that the kerberized versions of rcp are
not IPv6-enabled.

rcp does not prompt for passwords. It either uses Kerberos authentication which
is enabled through command-line options or your current local user name must
exist on hostname and allow remote command execution by rsh(1).

The rcp session can be kerberized using any of the following Kerberos
specific options : -a, -PN or -PO, -x, and -krealm. Some
of these options (-a, -x and -PN or -PO) can also be
specified in the [appdefaults] section of krb5.conf(4). The usage of these options and
the expected behavior is discussed in the OPTIONS section below. If Kerberos
authentication is used, authorization to the account is controlled by rules in
krb5_auth_rules(5). If this authorization fails, fallback to normal rcp using rhosts occurs
only if the -PO option is used explicitly on the command line
or is specified in krb5.conf(4). If authorization succeeds, remote copy succeeds without
any prompting of password. Also notice that the -PN or -PO, -x,
and -krealm options are just supersets of the -a option.

rcp handles third party copies, where neither source nor target files are
on the current machine. Hostnames can also take the form

username@hostname:filename

to use username rather than your current local user name as the
user name on the remote host. rcp also supports Internet domain addressing
of the remote host, so that:

username@host.domain:filename

specifies the username to be used, the hostname, and the domain in
which that host resides. File names that are not full path names
are interpreted relative to the home directory of the user named username,
on the remote host.

Options

The following options are supported:

-a

This option explicitly enables Kerberos authentication and trusts the .k5login file for access-control. If the authorization check by in.rshd(1M) on the server-side succeeds and if the .k5login file permits access, the user is allowed to carry out the rcp transfer.

-krealm

Causes rcp to obtain tickets for the remote host in realm instead of the remote host's realm as determined by krb5.conf(4).

-Krealm

This option explicitly disables Kerberos authentication. It canbe used to override the autologin variable inkrb5.conf(4).

-p

Attempts to give each copy the same modification times, access times, modes, and ACLs if applicable as the original file.

-PO

-PN

Explicitly requests new (-PN) or old (-PO) version of the Kerberos “rcmd” protocol. The new protocol avoids many security problems prevalant in the old one and is regarded much more secure, but is not interoperable with older (MIT/SEAM) servers. The new protocol is used by default, unless explicitly specified using these options or through krb5.conf(4). If Kerberos authorization fails when using the old “rcmd” protocol, there is fallback to regular, non-kerberized rcp. This is not the case when the new, more secure “rcmd” protocol is used.

-r

Copies each subtree rooted at filename; in this case the destination must be a directory.

-x

Causes the information transferred between hosts to be encrypted. Notice that the command is sent unencrypted to the remote system. All subsequent transfers are encrypted.

Usage

See largefile(5) for the description of the behavior of rcp when encountering
files greater than or equal to 2 Gbyte ( 231 bytes).

The rcp command is IPv6–enabled. See ip6(7P). IPv6 is not currently supported
with Kerberos V5 authentication.

For the kerberized rcp session, each user can have a private authorization
list in a file .k5login in their home directory. Each line in
this file should contain a Kerberos principal name of the form principal/instance@realm.
If there is a ~/.k5login file, then access is granted to the
account if and only if the originater user is authenticated to one
of the principals named in the ~/.k5login file. Otherwise, the originating user is
granted access to the account if and only if the authenticated principal
name of the user can be mapped to the local account name
using the authenticated-principal-name -> local-user-name mapping rules. The .k5login file (for access control)
comes into play only when Kerberos authentication is being done.

See Also

Notes

rcp is meant to copy between different hosts. Attempting to rcp a
file onto itself, as with:

example% rcp tmp/file myhost:/tmp/file

results in a severely corrupted file.

rcp might not correctly fail when the target of a copy is
a file instead of a directory.

rcp can become confused by output generated by commands in a $HOME/.profile
on the remote host.

rcp requires that the source host have permission to execute commands on
the remote host when doing third-party copies.

rcp does not properly handle symbolic links. Use tar or cpio piped
to rsh to obtain remote copies of directories containing symbolic links or
named pipes. See tar(1) and cpio(1).

If you forget to quote metacharacters intended for the remote host, you
get an incomprehensible error message.

rcp fails if you copy ACLs to a file system that does
not support ACLs.

rcp is CSI-enabled except for the handling of username, hostname, and domain.

When rcp is used to perform third-party copies where either of the
remote machines is not running Solaris, the exit code cannot be relied
upon. That is, errors could occur when success is reflected in the
exit code, or the copy could be completely successful even though an error
is reflected in the exit code.